A Conceptual Framework for Enhancing Information Security Compliance Behaviours in E-Government in Saudi Arabia
- Publication Type:
- Thesis
- Issue Date:
- 2022
Embargoed
Filename | Description | Size | |||
---|---|---|---|---|---|
01front.pdf | contents and abstract | 522.5 kB | |||
02whole.pdf | thesis | 4.31 MB |
Copyright Clearance Process
- Recently Added
- In Progress
- Open Access
This item is currently unavailable due to the publisher's embargo.
Information and communication technology (ICT) has become integral to all communities. Governments utilise ICT to interact and connect over the internet with different stakeholders including citizens, employees, people from other countries, private businesses and other governments and people who use the services; this is named e-government.
Security threats to digital infrastructure such as e-government are growing exponentially with the proliferation of digital devices and users of ICT are experiencing more data breaches, service unavailability and other digital disruptions than ever before. That is where information security plays a vital role. Information security protects information from unauthorised access, disclosure, disruption, modification, and destruction to ensure integrity, confidentiality, and availability. To combat information security threats, organisations create security measures to stop threats against their information and technology resources. To exemplify this, information security policies specify the proper uses of organisational information and technology resources, and include formalised sets of guidelines, procedures and technical controls to which employees must adhere. However, while these guidelines provide the best directions for security, they do not automatically translate into desirable security behaviours.
Cyber criminals are widely recognised in mainstream media as being responsible for data breaches and attacks. However, employees’ intentional and unintentional non-compliance causes most security breaches despite ISPs and measures. Hence, identifying what drives employees’ compliance with ISPs and requirements is a significant advance that can guide organisations to define strategies to improve their employees’ compliance with ISPs and requirements.
To this end, first a systematic literature review was conducted to lay the groundwork for understanding the factors influencing and enhancing information security compliance behaviour. Drawing on findings from the systematic literature review and informed by concepts from social support theory and the theory of planned behaviour, along with aspects of the unified theory of acceptance and use of technology model, a theoretical framework was developed that shows the factors that can enhance employees’ compliance with information security. The framework has been based on the identified factors such as accountability of employees; adaptability of individuals; information security awareness; facilitating conditions and resources provided by the employer; monitoring of employees; social influence and technical controls that predicts information security compliance attitude and behaviour. The framework was then validated through findings from a quantitative and qualitative study in the context of e-government in Saudi Arabia. This study augments previous compliance studies by confirming previously identified factors for predicting compliance behaviour and identifying new factors.
Please use this identifier to cite or link to this item: